QwikSec

Security Database

CVE

CWE

Training

CVE-2011-1417

Published: Mar 11, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

APPLE-SA-2011-03-21-1

vendor-advisory

x_refsource_APPLE

APPLE-SA-2011-04-14-2

vendor-advisory

x_refsource_APPLE

APPLE-SA-2011-10-12-5

vendor-advisory

x_refsource_APPLE

http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011

x_refsource_MISC

http://support.apple.com/kb/HT4607

x_refsource_CONFIRM

APPLE-SA-2011-04-14-1

vendor-advisory

x_refsource_APPLE

http://support.apple.com/kb/HT5003

x_refsource_CONFIRM

http://www.zerodayinitiative.com/advisories/ZDI-11-109/

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

http://www.zdnet.com/blog/security/charlie-miller-wins-pwn2own-again-with-iphone-4-exploit/8378

x_refsource_MISC

http://support.apple.com/kb/HT4581

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.